(Page 1 of 11)   1 2 3 4 5 6  Next >

Category: Auditing » Passwords

Katana: Portable Multi-Boot Security Suite
Added 2009-11-25
by .ronin
Katana v1 (Kyuzo) has just been released from www.hackfromacave.com . The Katana: Portable Multi-Boot Security Suite is designed to fulfill many of your computer security needs. The idea behind this tool is to bring together many of the best security distributions and applications to run from one USB Flash Drive. Instead of keeping track of dozens of CDs and DVDs loaded with your favorite security tools, you can keep them all conveniently in your pocket. Katana includes distributions which focus on Penetration Testing, Auditing, Password Cracking, Forensics and Honey Pots. Katana comes with over 100 portable Windows applications, such as Wireshark, HiJackThis, Unstoppable Copier, Firefox, and OllyDBG. It also includes the following distributions: - Backtrack 4 pre - the Ultimate Boot CD - Ophcrack Live - Damn Small Linux - the Ultimate Boot CD for Windows - Got Root? Slax - Organizational Systems Wireless Auditor (OSWA) Assistant - Damn Vulnerable Linux Katana is also highly customizable. You can modify Katana by adding or removing distributions and portable apps with ease. You can add functionality to distributions like the Ultimate Boot CD, Got Root? Slax and UBCD4Win. You can also load your personal scripts and documents to keep them conveniently with you on your flash drive to use in concert with the provided tools. More informations on this can be found at forum.hackfromacave.com

CUPP
Added 2009-03-24
by Muris Kurgas
CUPP is a Common User Passwords Profiler. The most common form of authentication is the combination of a username and a password or passphrase. If both match values stored within a locally stored table, the user is authenticated for a connection. Password strength is a measure of the difficulty involved in guessing or breaking the password through cryptographic techniques or library-based automated testing of alternate values. A weak password might be very short or only use alphanumberic characters, making decryption simple. A weak password can also be one that is easily guessed by someone profiling the user, such as a birthday, nickname, address, name of a pet or relative, or a common word such as God, love, money or password. That is why CUPP was born, and it can be used in situations like legal penetration tests or forensic crime investigations.

netifera
Added 2009-02-21
by netifera
modular open source platform for network security tools. Multi-platform GUI. Tools included: TCP/UDP network information gathering, fingerprinting, service detection, DNS tools, zone transfer, passive information gathering, modular sniffing engine, credential sniffing, geographical information,web crawler.

lm2ntcrack
Added 2008-10-17
by Yannick Hamon
This tool provides a simple way to crack Microsoft Windows NT Hash (MD4) when the LM Password is known. It is entirely written in perl, so its easily ported and installed. This program must be used with the password cracker "John the Ripper" http://www.openwall.com/john/ * Example : [yann@xmcopartners:~/lm2ntcrack]$ time perl lm2ntcrack.pl -v -l="AZERTY123$" -n="81CD1A1C4CBCE05C0F8D411ACEC7587F" ############################################################################ # NT Password cracker from LM password # Version : 0.5a - Oct 2008 # By Yannick HAMON # Homepage : http://www.xmcopartners.com ############################################################################ [INFO] : "AZERTY123$" has 10 character(s) but contains 4 special(s) char(s) and/or integer(s) [INFO] : => 64 words will be generated ...... OK !! [INFO] : Crack NT password from "AZERTY123$" and NT HASH "81CD1A1C4CBCE05C0F8D411ACEC7587F" [CRACKED] AZERTY123$ => azERTy123$ real 0m0.033s user 0m0.025s sys 0m0.007s * NB : Recently, after developped this fabulous TOOL, I've found an old post on "openwall mailing-list" : http://www.openwall.com/lists/john-users/2006/07/08/2 This post explains how to crack NT hash from LM password with john-the-ripper (need to modify john's configuration file to use [List.Rules:NT] section and stop running john on the LM hashes). john -show pwfile | cut -d: -f2 > cracked john -w=cracked -rules -format=nt pwfile john -show -format=nt pwfile One known problem with this approach is that it'll fail for passwords containing colons (':' is cut delimiter). This problem does not impact "lm2ntcrack" and you can use "lm2ntcrack" while john is cracking LM hashes.

Sipflanker
Added 2008-08-02
by Sergio Castro
Many (if not most) VoIP devices have available a Web GUI for their configuration, management, and report generation. These Web GUIs are often on default, meaning that the moment you install the IP phone or IP PBX, the Web GUI is immediately available on the network. And unfortunately it is also common for the username and password to have the default values. Sipflanker will help you find these SIP devices with potentially vulnerable Web GUIs in your network. What the application does is search the range of IPs you specify, and checks if port 5060 is available. Whether open or close, port 5060 indicates the presence of a SIP device. Then it checks if port 80 (http) is open. The combination of an open port 80, together with port 5060, either open or closed, signals a SIP device with a Web GUI.

Windows Live Password Recovery
Added 2007-05-05
by Reactive Software
Windows Live Password Recovery is the tool that will instantly find, decrypt & recover Windows Live passwords that were saved by Windows Live Messenger on your PC under the current login. This decoder will recover multiple accounts and supports all known versions of Windows Live Messenger including Messenger Beta, MSN Messenger and Windows Messenger. This cracker works when the "Remember My Password" checkbox is ticked in Windows Live Messenger. Even is you have un-installed Windows Live Messenger there is still a chance that your password is saved on your PC.

ZippyLock
Added 2007-03-29
by Ergun Çoruh
ZippyLock is a free and extremely easy to use password management utility. Your password entries are kept in a 'private file' and nowhere else. ZippyLock uses Windows clipboard to transfer your data into forms (see the Demo at web site). When you run ZippyLock for the first time, it prompts you to create a new private file, and asks you to specify a MASTER PASSWORD. Later you will be prompted to save your private file. The private file will be stored on your hard-disk (or a USB Disk). The private file will be Triple-DES encrypted using a unique hash number generated from your MASTER PASSWORD. The hash number too will be encrypted by itself and stored in the same private file along with your encrypted passwords. Note that your MASTER PASSWORD is not stored anywhere. Your encrypted passwords are not stored anywhere other than the private file. No other auxiliary or reference information is kept in hidden places like registry, WINDOWS directory etc. Everything is stored in your private file that you control and nowhere else. In general TDES with three different keys (3TDES) has a key length of 168 bits: three 56-bit DES keys (with parity bits 3TDES has the total storage length of 192 bits), but due to the meet-in-the-middle attack the effective security it provides is only 112 bits. As of 2005, the best attack known on 3TDES requires around 232 known plaintexts, 2113 steps, 290 single DES encryptions, and 288 memory. This is not currently practical.

Scuba by Imperva
Added 2007-01-05
by Imperva
Scuba by Imperva is a free, lightweight Java tool that scans Oracle, DB2, MS-SQL, and Sybase databases for hundreds of software vulnerabilities. It also detects configuration flaws like insecure passwords, unsafe processes, unrestricted permission levels, and more. Furthermore, it generates HTML and Java reports that show overall security risk level and detailed information about each vulnerability – so you can pinpoint configuration risks within minutes. Scuba by Imperva detects hundreds of database vulnerabilities and configuration issues. And better yet – it helps you meet industry-leading best practices standards for database configuration and management.

md5tables
Added 2006-09-16
by CypherXero
md5tables is a shell script that references a wordlist of md5 hashes and words for password auditing. It can crack MD5 hashes from a wordlist of hashes/words in mere seconds.

MSN Password Recovery
Added 2006-09-07
by Reactive Software
MSN Messenger Password Recovery is the MSN password finder that instantly cracks and decrypts the MSN Messenger and Windows Messenger passwords stored on your computer. New version adds support for latest Windows Live Messeger (version 8).

Search Tools
Keyword:
Platform:
Category:
Browse by category
Auditing
Log Analysis, Host, Passwords, Network, File Integrity, PSTN, Forensics, Backdoors, Source Code
Sniffers
Recovery
Passwords
Utilities
Passwords, Filesystem, Network, System, Compiler, Log Management, Usage Monitoring, Email
Authentication
One Time Passwords, User Authentication, Password Management, Web, Server, Certificates, Tokens
Intrusion Detection
Network, Host, Web, Evasion
Access Control
Network, Firewall, user privileges, RPC, Bootup, File System, Applications, Mandatory Access Control, Server, X-Windows, ACLs, Privileges
Replacement
Libraries, Applications
Programming
Libraries
Cryptography
Libraries, Random Numbers, Traffic Encryption, Data Encryption, Cryptoanalysis, Steganography, E-mail
Network Monitoring
Policy Enforcement
Web Access, Email
System Security Management
Accounts, Console, Windows NT, Firewall, Configuration, Filesystem, Linux, Solaris, Monitoring
Network Utilities
Tunneling, Miscellaneous, Monitoring
Rootkits
Secure Deletion
Hardening
Linux, FreeBSD, NT, Solaris
Hostile Code
Detection, Removal, Sandbox


 

Privacy Statement
Copyright 2010, SecurityFocus